Container Violation = Container depth limit exceeded - Error in scan engine logs.

Article:TECH94102  |  Created: 2009-01-20  |  Updated: 2009-01-05  |  Article URL
Article Type
Technical Solution


The scan engine log has an entry stating Container Violation = Container depth limit exceeded, you want to know what to do.

A container violation has been logged with the error as stated, files are being blocked or deleted on the basis of the verdict.


The option under Policies | Filtering | Container Handling | maximum extract depth of file meets or exceeds [ X ] levels, where X is a value greater than 0, is set too low for the environment.


The value needs to be increased to a value that fits with the day to day activities of the environment in question, a good base value for this is to set it to 10 levels as this will allow a reasonable amount of file nesting within containers.
It is good to know that the reason for the container limit is primarily to stop attacks such as a "zip of death" or "zip bomb" denial of service type attacks.

Technical Information

The log entry which appears should be similar to the following:
A container violation has been found
Date/time of event = 2009-05-20 10:01:03
Event Severity Level = Warning
File name = \\\CHECK$\\*.PPT
File status = NOT REPAIRED
Component name = *.PPT/PowerPoint Document
Component disposition = NOT REPAIRED
Container Violation = Container depth limit exceeded
Client IP =
Scan Duration (sec) = 0.578
Connect Duration (sec) = 0.594

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices